YouTube ban Thailand part 2

The website YouTube was banned in Thailand this Wednesday, thanks to their refusal to remove a video offending the nation’s sensibility over lese majeste. The government has also been moving swiftly against any websites critical of the regime, especially those with any suspected connections to the last PM, despite protests of censorship from the not-too-loyal opposition.


The minister in charge of technology vowed to yank the website’s persona non grata standing once the offending video has been banned to purgatory.

I tried accessing the url this morning, thinking there was no way the army could shut it down.

Wrong.

Access Denied.

The government boys must have rounded up some hackers from Phantip Plaza on Petchaburi Road to block the site at CAT Telecom’s gateway which monopolizes all Thailand’s international Internet traffic for the nation’s many DSL customers.

Two.

The minister of Culture has also said he will block any pornographic sites, which many in America feel is the front line for free speech.

No porno?

Yikes.

UPDATE

FROM THE NATION

It seems interesting to note that when something as blatant as censoring YouTube occurred, nobody seems to be responsible for it, or for finding out who did it. The Ministry of ICT (MICT) said it was not their fault while the TOT and CAT also denied responsibility.

But the problem was that the block was transient, continually in a state of flux, and lasted for only a matter of hours. As one engineer at an ISP who tried to help analyse the block said, “you can only speculate as to what happened after the fact. What we need is information on the block when it’s actually in place.”

But after this news hit a couple of weeks ago, many readers came forward to say that the YouTube block was not unique – that strange things had been happening to other web sites, for weeks before that.

One newspaper’s web department contacted explained how they first saw something out of the ordinary around two weeks prior to the YouTube block. Their web site was suddenly responding slowly and some users had noted that, in the browser window, instead of the message saying that it was waiting for the domain name in question, it said that it was waiting for a certain numerical IP address belonging to CSLoxinfo, which had nothing to do with them. This new site then spewed out what was effectively a copy of their web site.

Now, to recap for a moment, the YouTube block was done by an HTTP 301 redirect. In other words, the “server” that http://www.youtube.com pointed to was not really the YouTube server, but was a third party machine redirecting the user, first to nowhere, later to the mict.go.th web site.

What was happening to that newspaper’s web site, one speculates, is that the same HTTP 301 redirect was happening, redirecting to a server which then probably did some logging and redirected it back to the real server, which is hosted overseas.

Worryingly, such an attack could not happen without the ISP or gateway’s cooperation. The fact that it happened at the same time by many different ISPs suggests it happened at the Internet gateway level. For Thailand, the gateway is run by CAT.

Now that we know how, a brief glance at the effects of this technical gobbledygook may be in order. The damage done can be felt in a number of ways. For most, including that newspaper’s web site, it was just a slowdown in the already obscenely slow Internet.

For YouTube viewers that Saturday, it meant a block. What few realised is that the same double redirection mechanism can easily be used to watch what we do online. At the very least it can log URLs opened and pair them to IPs, which means a log of who is visiting which web site. A more sophisticated mechanism may even be to eavesdrop on email, passwords and the like.

Hark back to the coup and one recalls that General Sonthi said that anyone eavesdropping on telephone conversations would have their telecom licences revoked. Of course, only geeks use email and credit cards for e-commerce. Real army people use mobile telephones, cash and post armed guards in front of network operations rooms to prevent someone hacking the network and installing a piece of spyware.

Incidentally, rumours are that the MICT once commissioned a major university years ago to build a session hijacking system, though nobody today seems to be willing to confirm its existence.

Could it be that the disruptions of the past month were the result of three of these hypothetical boxes being installed at the International Internet Gateway? Could it be that the only reason that YouTube was blocked was because of the design of the blocking box, which did not differentiate between control traffic and end-user (re-directed, monitored) traffic?

Could it be that once they had hijacked sessions with very high traffic, such as the YouTube site, the box crashed because it could not handle the load and required someone to physically visit the box on Saturday morning to manually reset it?

So what can we do? Taking to the streets in mass protests at Big Brother is one option, but we have been there, done that and it is what led us to this mess to begin with.

The best defence is knowledge. If we can tell when this session hijacking technique is taking place, it will at least make Big Brother think twice.

Firefox and Mozilla users can install a plugin, live HTTP headers from livehttpheaders.mozdev.org. This will, as its name suggests, show the actual HTTP dialogue between the browser and server in real time. What this means is that, if it is redirected via the HTTP 301 redirect message or communicating with a server it should not be talking to, it will be made clear to see.

Once the IP address of the man in the middle is identified, programs such as nmap (http://www.insecure.org) can be used to probe and fingerprint that node. Users should then talk about it in public fora, compare notes from the http headers and nmap results and then, with enough information, perhaps the finger of blame can finally be pointed at someone with proof, rather than just a couple of bits of circumstantial evidence and a lot of speculation.
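The header check the article describes can be automated. The following is an added example, not part of the quoted article: it takes one captured response head plus the address the browser actually connected to, and flags a peer outside the expected networks, a 301 with no destination, and a redirect to an unrelated host. The sample responses, the documentation-range IP addresses and the `EXPECTED` range are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def parse_head(raw):
    """Split a raw HTTP response head into (status code, lower-cased headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def site(host):
    """Last two DNS labels; a rough site key (assumption: no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_exchange(url, peer_ip, raw, expected_nets):
    """Return findings for one request: wrong peer address and/or off-site redirect."""
    findings = []
    host = urlsplit(url).hostname
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in ipaddress.ip_network(n) for n in expected_nets):
        findings.append(f"peer {peer_ip} is not in the networks expected for {host}")
    status, headers = parse_head(raw)
    if status in REDIRECTS:
        location = headers.get("location", "")
        target = urlsplit(location).hostname
        if not location:
            findings.append(f"{status} redirect with no Location (redirect to nowhere)")
        elif target and site(target) != site(host):
            findings.append(f"{status} redirect from {host} to unrelated host {target}")
    return findings

# Constructed sample data: documentation-range addresses, not real observations.
EXPECTED = ["198.51.100.0/24"]  # hypothetical range the real site resolves into
HIJACKED = "HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.mict.go.th/\r\n\r\n"
NOWHERE = "HTTP/1.1 301 Moved Permanently\r\nContent-Length: 0\r\n\r\n"
NORMAL = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"

if __name__ == "__main__":
    for label, ip, raw in [("hijacked", "203.0.113.7", HIJACKED),
                           ("nowhere", "203.0.113.7", NOWHERE),
                           ("normal", "198.51.100.10", NORMAL)]:
        print(label, check_exchange("http://www.youtube.com/", ip, raw, EXPECTED))
```

Recording the findings with a timestamp while the block is in place gives the kind of evidence the ISP engineer quoted above says is missing after the fact.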

For a related article click on this URL

https://www.mangozeen.com/da-vinci-code-banned.htm
